Bad news: Almost 200,000 sites still have Heartbleed vulnerabilities

You may have thought that you were done worrying about Heartbleed. But it seems like some really terrible patching practices has resulted in it still being a major problem for IT. 

Here’s the short version: Two years and nine months ago, a flaw was discovered in OpenSSL that could allow hackers to reveal encrypted data or infect systems. This could include revealing passwords, cookies and more.

A fix was put out so that vulnerable servers and websites could be patched.

Flash forward to today. A new study finds that despite the vulnerability being well known and the fixes being readily available, there are still more than 192,000 servers that haven’t been patched.

There’s no excuse for this, especially given that 60% of Americans, not just computer pros, knew about Heartbleed in 2014.

Be alert: No vulnerability really goes away until everyone takes security seriously.